Logging of Telnet Sessions | IBM Safenet/400 specification

Logging of TELNET Sessions

Under normal signon conditions (no auto signon allowed), each request for a TELNET session is logged into the transaction history file (TRAPOD) by IP address, and a user name of QSYS. QSYS is used because no user profile is associated with the actual TELNET session start request. Each logoff is also recorded by IP address with a user of QSYS.

If you use the auto signon feature, the request will be logged with the associated user set up in the Auto Signon Control file. Each logoff of a TELNET will also record the transaction with the user profile that was automatically signed on.

When *TELNETON is set to Level 3, only devices with IP addresses already registered will be permitted access to the TELNET server.

Changing the security level of the TELNET server functions takes effect immediately.

	SafeNet/400 Reference Guide
	♥ Copyright 2008 MP Associates of Westchester, Inc.	3.5
	V8.50 - May 2008	3.5
	V8.50 - May 2008

Image 47

IBM Safenet/400 manual Logging of Telnet Sessions

Contents

MP Associates of Westchester, Inc SAFENET/400 How to contact us Table of Contents 10.9 10.110.3 10.7 Group Profiles Navigating through the screens Logging Level N Setting the User Logging LevelsLogging Level a Logging Level R SafeNet Administrator Super Trusted User Control Maintain User to Server Security screen appears Entering User Security Levels ALL Active Servers Work User to Object Security screen is displayed Add New Object Authorization screen appearsEntering User Authorities to Objects Not Allowed for library Not Allowed for object Reminder Exclusions Copyright 2008 MP Associates of Westchester, Inc V8.50 May Maintain Authorized SQL Statements screen appears Entering User Authorities to SQL StatementsWork User to SQL Statements screen is displayed Type the user profile, the Group or *PUBLIC, then Enter Copyright 2008 MP Associates of Westchester, Inc V8.50 May Work with Authorized FTP Statements screen appears Entering User Authorities to FTP StatementsType the user profile or *PUBLIC then Enter Path Encrypted List Format Using FTP ClientUsing FTP Server Name Format Type each CL command that this user is permitted to use Work User to CL Commands, Enter User ID screen is displayedMaintain Authorized CL Commands screen appears Copyright 2008 MP Associates of Westchester, Inc Maintain Path Names screen appears Entering Long Path Names Copyright 2008 MP Associates of Westchester, Inc Remove Users from SafeNet screen appears Copy SafeNet User/Authorities screen is displayedRemoving a User from SafeNet/400 Maintain all Security for a User Authorized to At this time? Setting up Time of Day Controls Type the user profile, Enter and then press F10 User Time-of-Day Maintenance screen appears Copyright 2008 MP Associates of Westchester, Inc V8.50 May Copyright 2008 MP Associates of Westchester, Inc Setting UP Servers Level SafeNet/400 Server Function Security Levels Level Setting the Server Function Logging Levels Advanced Server Security Supported by Specific Servers Basic Server Security Supported by all ServersIntermediate Server Security Supported by all Servers Level 1, Log None Recommended Server Settings Level 1, Log None Level 3, Log All Limit user Distributed Data Management Level 1, Log All Log all requests Pwrdwnsys Maintain Server Security screen is displayed Entering Server Function Security Levels Copyright 2008 MP Associates of Westchester, Inc Customer Exit Programs Copyright 2008 MP Associates of Westchester, Inc Setting up Telnet Restricting Access to Specific Device Names Controlling Telnet Access by IP Address Setting the Required Password Type Allow Auto Signon Enter the password type 0 or 1 is required Logging of Telnet Sessions Type Wrksrv Setting up TCP/IP Address ControlsTurning on TCP/IP Address Checking Example Setting up TCP/IP Address Control Table Copyright 2008 MP Associates of Westchester, Inc Anonymous FTP Logon Libname Parameter Screen Selections Value DescriptionUse Wrktcpipa *FTPSERVER Use Wrktcpipa *FTPCLIENT Recommended that you leave this as Profilename Pword Password of *NONE and *USER for Locate the FTP Logon Server point Setting up for Anonymous FTPExample Page Select Option 6 Work with User to CL Command Security Setting up for Normal User IDs and FTP ServersPage Dynamic Host Configuration Protocol Dhcp Control and Reports Menu appears Working with Dhcp Current Dhcp Activity Copyright 2008 MP Associates of Westchester, Inc Maintaining MAC Addresses Fixed IP Addresses Purging Expired Dhcp Lease Information Ping Checker Reports Setup Reports Usage Reports Copyright 2008 MP Associates of Westchester, Inc Security Report by User in test mode Menu SN4, Option Testing Your Security Settings Copyright 2008 MP Associates of Westchester, Inc Security Levels to Check field Copyright 2008 MP Associates of Westchester, Inc Copyright 2008 MP Associates of Westchester, Inc V8.50 May On the Print Security Report screen fill in the following Batch Transaction Test Review/Report Security Report by User Copyright 2008 MP Associates of Westchester, Inc V8.50 May Copyright 2008 MP Associates of Westchester, Inc Recommended approach to testing Pcreview Copyright 2008 MP Associates of Westchester, Inc V8.50 May Copyright 2008 MP Associates of Westchester, Inc Log file Purge Strprg DAYS060 To perform a standard purge Strprgarc DAYS060 ARC*YES PRT*YES PRTR*NO RMVDEL*NO To purge the log and archive the records Automating the One Step Security Report Automating the log file purge Strprgarc DAYS005 Strprgarc DAYS001 Chgspcset LOGALL*YES to begin logging Daily Backup ProcedureEnter command Chgspcset LOGALL*NO Copyright 2008 MP Associates of Westchester, Inc Before de-activating De-activating SafeNet/400 To activate or de-activate SafeNet/400 Removing SafeNet/400 from your system Copyright 2008 MP Associates of Westchester, Inc 10.1 Error Message Received on the System 10.2 10.3 Error Message Received on the ClientCheck the request log for a ‘REJECTED’ response 10.4 10.5 10.6 If you still cannot resolve the problemAlso try Endtcpsvr *ALL, Endhostsvr *ALL then Strtcp 10.7 Examples of Client Error Messages 10.8 10.9 Error Codes which Appear in the Log 10.10 10.11 Additional Troubleshooting Tips 10.12 11.1 Resetting Level 5 within SafeNet/400 11.2 Select Option 6 Activate/De-Activate SafeNet/400 11.3 Pre-Power Down Program Point 11.4 Using Automatic Alert Notification 11.5 Activating SafeNet/400 Alert NotificationCreating a Distribution List 11.6 Profile SwappingOPT SafeNet/400 RQD 11.7 Setting up a Swap ProfileMaintain Authorized Swap Profiles screen appears 11.8 Journaling SafeNet/400 Security Files 11.9 Errord FileFiles Contained in SafeNet/400 Traparcw File 11.10 Trapod File 11.11 SafeNet/400 CommandsCommands Description 11.12 11.13 Wrkusrsec 11.14 12.1 Server Function Descriptions 12.2 Original Servers Levels Supported Where usedServer Identifier Format Name 12.4 12.5 Limitations 12.6 12.7 Usrlibl ALL 12.8 12.9 Original Message Server Description Original Message Server 12.10 12.11 12.12 12.13 Optimized Servers 12.14 12.15 12.16 12.17 12.18 12.19 Access to System i5 database through Odbc interface Database Server Entry Description Database Server Entry 12.21 Usage 12.22 12.23 12.24 12.25 12.26 Data Queue Server Description Data Queue Server 12.27 12.28 12.29 Access to entire file systemFile Server Description File Server Windows Explorer and other applications 12.30 Allflr ALL 12.31 Personnel ALL 12.32 PAYROLL.LI SALARY.FIL 12.33 Recommended Setting Level 4, Log AllUsage Notes/Limitations 12.34 12.35 FTP Logon Server Description FTP Logon Server 1 12.36 FTP Logon Server Description FTP Logon Server 2 12.37 FTP Logon Server Description FTP Logon Server 3 12.38 12.39 12.40 12.41 Pre-Power Down Description Pre-Power Down Server 12.42 12.43 Rexec Logon Server Description Rexec Logon Server 1Usage Notes 12.44 Rexec Logon Server Description Rexec Logon Server 2 12.45 12.46 Important Notes on setting up a user for ShowCase** Strategy 12.47 TCP Signon Server Description TCP Signon Server 12.48 12.49 12.50 Server Identifier Format Index Public